]> Raphaƫl G. Git Repositories - distcook/blobdiff - lib/pattern.sh
Rapsys Git / distcook / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add root.mount to ignored files
[distcook] / lib / pattern.sh
diff --git a/lib/pattern.sh b/lib/pattern.sh
index ed99a725d8a639148b0f91888ff9e3177fe506a7..4c167fb132a486c1a070187e162e200b6760cc55 100755 (executable)
--- a/lib/pattern.sh
+++ b/lib/pattern.sh
@@ -4,7 +4,8 @@
 perl -pne 's%(?:(COMP_CONFIGURE_HINTS|COMP_TAR_INTERNAL_PATHS)=1?)%${1}=1%' -i "$PWD/root/etc/sysconfig/bash-completion"
 
 #Disable gpg agent
-perl -pne 's%(?:(START_GPGAGENT|START_GPGAGENT_SH)=(?:"?(no|yes)"?)?)%${1}="no"%' -i "$PWD/root/etc/sysconfig/gnupg2"
+#XXX: moved to a user systemd service
+#perl -pne 's%(?:(START_GPGAGENT|START_GPGAGENT_SH)=(?:"?(no|yes)"?)?)%${1}="no"%' -i "$PWD/root/etc/sysconfig/gnupg2"
 
 #Locale config
 cat << EOF > "$PWD/root/etc/vconsole.conf"
@@ -82,24 +83,28 @@ DHCP=yes
 EOF
 fi
 
+#Mysql
+mkdir -p "$PWD/root/var/lib/mysql"
+
+#Mail
+mkdir -p "$PWD/root/var/spool/mail"
+
 #Fstab
-#XXX: grub-legacy don't support ext4 and xfs V5 file format for /boot
 cat << EOF > "$PWD/root/etc/fstab"
-UUID=${BOOTUUID}       /boot   ext3    defaults,noatime 1 2
-UUID=${SLASHUUID}      /       btrfs   defaults,relatime 1 1
-UUID=${SWAPAUUID}      none    swap    sw 0 0
-UUID=${SWAPBUUID}      none    swap    sw 0 0
-UUID=${DATAUUID}       ${DATAPATH}     btrfs   defaults,relatime,nofail 1 2
+UUID=${BOOTUUID}       /boot           ext3    defaults,noatime 1 2
+UUID=${DATAUUID}       /               btrfs   subvol=/slash,defaults,relatime 1 1
+UUID=${SWAPAUUID}      none            swap    sw 0 0
+UUID=${SWAPBUUID}      none            swap    sw 0 0
+UUID=${DATAUUID}       /home           btrfs   subvol=/home,defaults,relatime 1 1
+UUID=${DATAUUID}       /var/lib/mysql  btrfs   subvol=/mysql,defaults,relatime 1 1
+UUID=${DATAUUID}       /var/spool/mail btrfs   subvol=/mail,defaults,relatime 1 1
 proc                                           /proc   proc    defaults 0 0
 EOF
 
-# Copy grub files
-cp -f $PWD/root/lib/grub/${ARCH}-mageia/{e2fs_stage1_5,stage{1,2}} $PWD/root/boot/grub/
-
 #Crypttab
+#XXX: Don't forget to add option nofail,noauto for every devices requiring manual unlocking
 cat << EOF > "$PWD/root/etc/crypttab"
-${SLASHNAME}   UUID=${LUKSSLASHUUID}
-${DATANAME}    UUID=${LUKSDATAUUID}    -       nofail,noauto
+${DATANAME}    UUID=${LUKSDATAUUID}
 EOF
 
 #Set resolv.conf
@@ -120,30 +125,8 @@ echo -n "$ROOTPASS" | chroot $PWD/root passwd root --stdin
 chroot $PWD/root adduser -m "$USERLOGIN"
 echo -n "$USERPASS" | chroot $PWD/root passwd "$USERLOGIN" --stdin
 
-#Grub file
-cat << EOF > $PWD/root/boot/grub/menu.lst
-timeout 5
-color black/cyan yellow/cyan
-gfxmenu (hd0,0)/gfxmenu
-default 0
-
-title linux
-root (hd0,0)
-kernel /vmlinuz-server BOOT_IMAGE=linux root=UUID=$SLASHUUID PROFILE=default splash=verbose vga=793
-initrd /initrd-server.img
-
-title failsafe
-root (hd0,0)
-kernel /vmlinuz-server BOOT_IMAGE=failsafe root=UUID=$SLASHUUID rd.luks.uuid=$LUKSSLASHUUID failsafe
-initrd /initrd-server.img
-EOF
-#Update grub fx menu
-chroot $PWD/root grub-gfxmenu --lang fr --update-theme --update-gfxmenu
-
-#Grub device.map
-cat << EOF > $PWD/root/boot/grub/device.map
-(hd0)  /dev/sda
-EOF
+# Fix grub config
+perl -pne 's/^GRUB_TIMEOUT=[0-9]+$/GRUB_TIMEOUT=1/' -i $PWD/root/etc/default/grub
 
 #Shorewall
 cat << EOF >> $PWD/root/etc/shorewall/zones
@@ -247,14 +230,38 @@ chroot "$PWD/root" /usr/sbin/sshd-keygen
 #XXX: forced because msec decides otherwise
 perl -pne 's%^PermitRootLogin .*%PermitRootLogin yes%' -i "$PWD/root/etc/ssh/sshd_config"
 
-# Add rsa key if available
-#XXX: dsa is unsupported anymore
-if [ -e "$HOME/.ssh/id_rsa.pub" ]; then
-       [ ! -d "$PWD/root/root/.ssh" ] && mkdir -m 0700 "$PWD/root/root/.ssh"
-       cp -f "$HOME/.ssh/id_rsa.pub" "$PWD/root/root/.ssh/authorized_keys"
+# Prevent btmp warning
+cat << EOF > "$PWD/root/etc/tmpfiles.d/var.conf"
+# See tmpfiles.d(5) for details
+
+# Prevent msec warning about enforcing permissions
+f /var/log/btmp 0600 root utmp -
+EOF
+
+# Authorized keys
+if [ -e "$HOME/.ssh/id_rsa.pub" -o -e "$HOME/.ssh/id_ed25519.pub" ]; then
+       mkdir -m 0700 "$PWD/root/root/.ssh"
+       touch "$PWD/root/root/.ssh/authorized_keys"
+       chmod u=rw,go=r "$PWD/root/root/.ssh/authorized_keys"
+
+       # Add rsa key if available
+       if [ -e "$HOME/.ssh/id_rsa.pub" ]; then
+               cat "$HOME/.ssh/id_rsa.pub" >> "$PWD/root/root/.ssh/authorized_keys"
+       fi
+
+       # Add ed25519 key if available
+       if [ -e "$HOME/.ssh/id_ed25519.pub" ]; then
+               cat "$HOME/.ssh/id_ed25519.pub" >> "$PWD/root/root/.ssh/authorized_keys"
+       fi
 fi
 
 #TODO ntp /etc/systemd/timesyncd.conf
 
+# Force enable systemd-networkd.service
+chroot "$PWD/root" /usr/bin/systemctl enable systemd-networkd.service
+
+# Force enable systemd-resolved.service
+chroot "$PWD/root" /usr/bin/systemctl enable systemd-resolved.service
+
 # Cleanup tmp and run
 rm -fr $PWD/root/tmp/* $PWD/root/run/*
Scripts to cook mageia ready to install image